authorBodo Möller <bodo@openssl.org>2010-08-26 15:15:47 +0000
committerBodo Möller <bodo@openssl.org>2010-08-26 15:15:47 +0000
commit7c2d4fee2547650102cd16d23f8125b76112ae75 (patch)
treeb65012d1d3e0ee6d3dae907da20a00f3cbd0d56e /ssl/ssl.h
parentf16176dab409c8de444315ba00c4eff36dd0e063 (diff)
For better forward-security support, add functions
SSL_[CTX_]set_not_resumable_session_callback. Submitted by: Emilia Kasper (Google) [A part of this change affecting ssl/s3_lib.c was accidentally committed separately, together with a compilation fix for that file; see s3_lib.c CVS revision 1.133 (http://cvs.openssl.org/chngview?cn=19855).]
Diffstat (limited to 'ssl/ssl.h')
-rw-r--r--ssl/ssl.h18
1 files changed, 18 insertions, 0 deletions
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 5a35c67285..20e49ec376 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -468,6 +468,9 @@ typedef struct ssl_session_st
char *psk_identity_hint;
char *psk_identity;
#endif
+ /* Used to indicate that session resumption is not allowed.
+ * Applications can also set this bit for a new session via
+ * not_resumable_session_cb to disable session caching and tickets. */
int not_resumable;
/* The cert is the certificate used to establish this connection */
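Review bot: The new comment on `not_resumable` says applications "set this bit ... via not_resumable_session_cb", but the callback declared elsewhere in this header returns an `int` and the field is an `int`, so the application never touches the field directly; the mechanism is presumably the callback's return value, and the comment should say so. I would word it `/* Nonzero means this session must not be cached or resumed (no session cache entry, no ticket). An application can request this for a new session by returning nonzero from not_resumable_session_cb. */`. Which library code reads and sets the field is outside this hunk (the commit message points at s3_lib.c), so the exact trigger should be confirmed there. The enclosing `ssl_session_st` definition starts and ends outside the hunk.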
@@ -811,6 +814,10 @@ struct ssl_ctx_st
X509_VERIFY_PARAM *param;
+ /* Callback for disabling session caching and ticket support
+ * on a session basis, depending on the chosen cipher. */
+ int (*not_resumable_session_cb)(SSL *ssl, int is_forward_secure);
+
#if 0
int purpose; /* Purpose setting */
int trust; /* Trust setting */
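Review bot: The comment on the new `not_resumable_session_cb` field does not state the return-value convention or what `is_forward_secure` means, which is exactly what an application author needs to use it correctly for the forward-security purpose named in the commit title. I would extend it to something like `/* Called when a new session is created. is_forward_secure is nonzero if the negotiated key exchange provides forward secrecy. Return nonzero to mark the session not resumable (no session caching, no ticket). */`. The "return nonzero" polarity is inferred from the `int` return and the field name and should be checked against the caller in s3_lib.c, which is outside this header. The enclosing `struct ssl_ctx_st` starts and ends outside the hunk.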
@@ -1088,6 +1095,10 @@ struct ssl_st
X509_VERIFY_PARAM *param;
+ /* Callback for disabling session caching and ticket support
+ * on a session basis, depending on the chosen cipher. */
+ int (*not_resumable_session_cb)(SSL *ssl, int is_forward_secure);
+
#if 0
int purpose; /* Purpose setting */
int trust; /* Trust setting */
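Review bot: A per-connection copy of the callback in `struct ssl_st` only works if `SSL_new()` initialises `s->not_resumable_session_cb` from `ctx->not_resumable_session_cb` (and `SSL_set_SSL_CTX()` refreshes it); none of that is visible in this header, and if it is missing then `SSL_CTX_set_not_resumable_session_callback()` would silently have no effect while the per-SSL setter works. That is worth a test that sets the callback on the context only and asserts it fires. The comment is a verbatim duplicate of the one on the SSL_CTX field; I would shorten it to `/* Per-connection override of SSL_CTX.not_resumable_session_cb; copied from the SSL_CTX in SSL_new(). */` once that copy is confirmed. The enclosing `struct ssl_st` starts and ends outside the hunk.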
@@ -1477,6 +1488,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_GET_RI_SUPPORT 76
#define SSL_CTRL_CLEAR_OPTIONS 77
#define SSL_CTRL_CLEAR_MODE 78
+#define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1875,6 +1887,12 @@ int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
unsigned char *context, int context_len,
unsigned char *out, int olen);
+void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
+ int (*cb)(SSL *ssl, int is_forward_secure));
+
+void SSL_set_not_resumable_session_callback(SSL *ssl,
+ int (*cb)(SSL *ssl, int is_forward_secure));
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.